秋田预测市场 · Discord 审计

galaxy101参与话题 0消息总数 4

该用户的聊天记录定位。

Reset

聊天记录

共 4 条,显示第 1-4 条
galaxy101 2026-06-01 05:00:02 Polymarket

Polymarket Security / Ops Team I'm posting this here because nobody is responding to me at all. This morning I was targeted and compromised by a highly sophisticated AiTM (Adversary-in-the-Middle) phishing campaign that originated from a malicious link dropped in the live market comment section. I ended up taking a significant loss, but I have mapped the entire exploit funnel and want to hand the forensic data. Here is the exact sequence the threat actor used: They posted a comment regarding "disappearing liquidity" in a market I was actively trading, linking to what appeared to be a legitimate news source: feedreuters.com. That domain hosted a fake article titled "Polymarket US Opens the Gates to Everyone | Reuters", which contained a link to check the market. The link routed to an active reverse-proxy infrastructure at polymarket.usmarketsupdate.com. This proxy perfectly mirrored the Magic Labs login flow, intercepted my session token, and immediately liquidated my position. The primary collection wallet the attacker used is G55RKasUnddqB2J9rRVbyvGcP7fMjw17CpmbnB3uiXWS. It is currently sitting on over $1.7 Million USD (21,700+ SOL), indicating this is a highly capitalized threat actor targeting the community.

Polymarket Security / Ops Team I'm posting this here because nobody is responding to me at all. This morning I was targeted and compromised by a highly sophisticated AiTM (Adversary-in-the-Middle) phishing campaign that originated from a malicious link dropped in the live market comment section. I ended up taking a significant loss, but I have mapped the entire exploit funnel and want to hand the forensic data. Here is the exact sequence the threat actor used: They posted a comment regarding "disappearing liquidity" in a market I was actively trading, linking to what appeared to be a legitimate news source: feedreuters.com. That domain hosted a fake article titled "Polymarket US Opens the Gates to Everyone | Reuters", which contained a link to check the market. The link routed to an active reverse-proxy infrastructure at polymarket.usmarketsupdate.com. This proxy perfectly mirrored the Magic Labs login flow, intercepted my session token, and immediately liquidated my position. The primary collection wallet the attacker used is G55RKasUnddqB2J9rRVbyvGcP7fMjw17CpmbnB3uiXWS. It is currently sitting on over $1.7 Million USD (21,700+ SOL), indicating this is a highly capitalized threat actor targeting the community.

galaxy101 2026-05-31 21:12:47 Polymarket

I took a screenshot before I was locked out. My portfolio shows 0 dollar but the history tab shows withdrawal was only $2000. I had $40000 in the account

I took a screenshot before I was locked out. My portfolio shows 0 dollar but the history tab shows withdrawal was only $2000. I had $40000 in the account

galaxy101 2026-05-31 21:09:08 Polymarket

Need urgent help

Need urgent help

galaxy101 2026-05-31 21:08:14 Polymarket

Hi Support, this is serious. My account was compromised via an AitM session hijack. The attacker locked me out, liquidated my shares, and initiated a withdrawal. Please freeze any pending relayer transactions for my proxy wallet immediately

Hi Support, this is serious. My account was compromised via an AitM session hijack. The attacker locked me out, liquidated my shares, and initiated a withdrawal. Please freeze any pending relayer transactions for my proxy wallet immediately